Chrome扩展:如何更改AJAX请求标头中的来源? [英] Chrome Extension: how to change origin in AJAX request header?
问题描述
我尝试在ajax请求标头中手动设置原点。在我的background.js中,我有这个
I'm trying to manually set an origin in an ajax request header. In my background.js, I have this
var ajaxResponse;
$.ajax({
type:'POST',
url:'www.somewebsite.com/login/login.asp',
headers:{
'origin': 'https://www.somewebsite.com'
},
success: function(response){
ajaxResponse = response;
}
});
正如你所看到的,原点被改变。但是,当这个Chrome扩展程序执行时,源代码覆盖到 chrome-extension:// iphajdjhoofhlpldiilkujgommcolacc ,并且控制台会出现错误'Refused to set unsafe header'origin '
As you can see, the origin is changed. But when this Chrome extension get executed, the origin gets override to chrome-extension://iphajdjhoofhlpldiilkujgommcolacc and the console gives error 'Refused to set unsafe header "origin"'
我已关注Chrome API( http://developer.chrome.com/extensions/xhr.html ),并已设置以下权限
I've followed Chrome API (http://developer.chrome.com/extensions/xhr.html), and already set the permission as follows
"permissions": [
"https://www.somewebsite.com/*"
],
有没有人知道如何正确设置标题中的原点?感谢!
Does anyone know how to properly set the origin in header? Thanks!
推荐答案
您可能误解了 文档 :
扩展程序可以请求访问其源之外的远程服务器
这意味着扩展可以将请求发送到远程服务器(即浏览器本身不会像普通网页的JS那样阻塞请求) 。
这样做不意味着该扩展程序将允许与请求一起发送任意标头,并且远程服务器也不会响应该请求
This means that the extension can send the request to the remote servers (i.e. the browser itself will not block the request as would happen with a normal web-page's JS).
This does not mean that the extension will be allowed to send arbitrary headers along with the request nor that the remote server will respond to the request.
因此,如果远程服务器需要 Origin header,那么就没有什么可以做的,因为根据 规范 ,您不能设置 Origin 头(这个限制也适用于扩展)。
So, if the remote server, requires a specific value for the Origin header, then there is nothing you can do, since according to the specs you are not allowed to set the Origin header (and this limitation also holds for extensions).
这篇关于Chrome扩展:如何更改AJAX请求标头中的来源?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
